Geronimo webapp using LDAP authentication
I'm using Apache Geronimo as my application server. And authentication is happening over LDAP using Apache Directory Service. I don't have any previous experience with JavaEE software development, so please take it easy on me. Let me know if I need to explain anything in more detail.
Basically my login step is pretty similar to this example from the Geronimo documentation:
https://cwiki.apache.org/GMOxDOC22/ldap-sample-app-ldap-sample-application.html
There are three different behaviors that are happening when a user is trying to log in:
When a user logs in with the correct username, which is in the correct ldap group, they are taken to a secure area of the site. And I'm not sure how to log the user out of the site until their session ends.
When a user logs in with a username/password that isn't in the LDAP directory, the user is redirected to /auth/logonError.html?param=test (this location is specified in 'web.xml').
When a user logs in with a correct username/password that is not in the appropriate group, they are redirected to a "HTTP 403 forbidden page". There is an example of this page at the bottom of the ldap sample. The behavior should be the same as an unauthenticated user.
In all of these cases, there is no way for the user to retry the login process until the browser is restarted or a different browser is used. This is the big problem that I am having.
I would like the following scenarios to happen.
A properly authenticated user can log out, and try to log in again.
An improperly authenticated user is redirected to the login screen, and told to try again.
What do I need to do to make this happen? Thanks for your help.
Comments (1)
Doesn't this always happen? You run into a problem, struggle with it for a few days, finally post it to StackOverflow (or wherever), and then you solve the problem relatively easily.
I made some changes to my application that fixed the problem. I'm posting what I did in case anyone stumbles across this from Google with a similar problem.
First I created a servlet (called EndSessionServlet) that just did this:
And then I added this to my web.xml file:
And I also changed the form-error-page in web.xml:
And I added a link in the section of the webpage that is authenticated to the EndSessionServlet. So the authenticated user can now logout properly.
For the three scenarios:
So all of the scenarios work fine now.
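The code blocks from the answer above did not survive on this page. The following is an added example, not the answer author's code, of what a session-ending servlet for container-managed FORM login can look like on the Servlet 2.5 API; with FORM login the authenticated identity lives in the HTTP session, which is why a user who authenticated but failed the group check keeps getting the 403 until the session is gone. The redirect target `/secure/index.html` is a hypothetical protected URL, and `JSESSIONID` is assumed to be the container's session cookie name.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Illustrative sketch (Servlet 2.5 / Java EE 5, so no request.logout()).
// Map it in web.xml with <servlet> and <servlet-mapping> entries, and keep
// its URL outside every <security-constraint> so that a user who was
// authenticated but rejected with 403 can still reach it.
public class EndSessionServlet extends HttpServlet {

    // Assumption: a protected page. Requesting it without a session makes
    // the container present the login form again.
    private static final String AFTER_LOGOUT = "/secure/index.html";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        endSession(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        endSession(req, resp);
    }

    private void endSession(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): never create a session just to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate(); // the cached login is discarded with the session
        }

        // Expire the browser's copy of the session cookie as well.
        String contextPath = req.getContextPath();
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setPath(contextPath.length() == 0 ? "/" : contextPath);
        expired.setMaxAge(0);
        resp.addCookie(expired);

        // Keep protected pages out of the back-button cache after logout.
        resp.setHeader("Cache-Control", "no-store");

        // Fixed target only: never take the redirect URL from a request
        // parameter, which would turn logout into an open redirect.
        resp.sendRedirect(contextPath + AFTER_LOGOUT);
    }
}
```

Pointing both the logout link and the form error page at a servlet like this gives each of the three scenarios a fresh session for the next login attempt.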